Spring 2026
We are offering this information in a general manner and it should not be relied upon to be complete or exhaustive. The notes were prepared with assistance from Havoc Defense, our IT and cybersecurity service provider.
The threats facing individuals in the financial world have grown more sophisticated—and more personal—than ever before. Artificial intelligence (AI) has given bad actors powerful new tools to impersonate trusted institutions, craft convincing communications, and exploit the most vulnerable point in any security system: human trust. As your adviser, protecting your financial life means more than managing your portfolio. It means helping you reduce your exposure to hackers and financial fraud in a rapidly changing environment.
With that in mind, we want to share five straightforward steps that can meaningfully reduce risk for you and your family members.
1. Secure Your Email with Multifactor Authentication—Today
If there is one action you take after reading this letter, let it be this. The single most common factor we see in personal data breaches is an email account without multifactor authentication (MFA) enabled. MFA requires a second verification step—typically a code sent to your phone—before anyone can access your account, even if they have your password. Please enable it on every email account you use, and we would encourage you to have that same conversation with your spouse, children, and aging parents. This one step closes more doors than almost anything else you can do.
2. Never Trust Caller ID—Verify Before You Act
Scammers today can make a call appear to come from your bank, your custodian, or even our office. If you receive an unexpected call from any financial institution—regardless of what your caller ID displays—treat it with healthy skepticism. You are always within your rights to end the call and dial back directly using a number you trust: the number on the back of your credit card, on your most recent statement, or on the firm’s official website. No legitimate institution will object to this. If someone does object, that itself is a red flag.
3. Turn Every Suspicious Contact into an Outbound Call
This is a principle worth remembering: Convert any sketchy inbound contact into a direct outreach of your own. Whether it arrives as a phone call, email, or text message, if something feels off, do not engage with it on its own terms. Hang up, close it, and initiate your own contact to a verified number of record. The few minutes this takes can be the difference between a close call and a serious breach.
4. We Will Never Ask for Your Password or Login Credentials
Please know that neither our firm nor any custodian—including Fidelity, Charles Schwab, or similar institutions—will ever ask you to provide a username, password, authentication code, or other login credentials via email, text, or phone. If you ever receive such a request appearing to come from us, do not respond. Contact our office directly, and we will address it immediately.
5. Be Wary of Anyone Reaching Out to Help You with Security
One of the more insidious tactics in use today involves bad actors posing as security professionals—contacting you unsolicited to warn you of a threat, offering to walk you through securing your accounts, or requesting remote access to your device in order to protect you. If you receive any unsolicited outreach—by phone, email, or text—claiming to be from a cybersecurity team, a fraud department, or even someone claiming to represent our firm, apply the same rule from #3 above. End the contact and reach out directly to a verified number of record. Legitimate security support is something you initiate, not something that arrives uninvited.
Please call your portfolio manager if you have questions. If you ever receive something that feels suspicious, please reach out to us before doing anything else. No question is too small, and we would far rather field a cautious call than help you recover from a breach.
Thank you for the trust you place in us.